FTC call for robocall-killing systems attracts Pi-wielding inventor.

Share this story

When the Federal Trade Commission told the public it would give $50,000 to anyone who could devise an effective and convenient way to stop telemarketing robocalls, proposals from more than 700 would-be inventors came in.

Among those was Alex Ruiz, a 24-year-old Linux systems administrator from California. Ruiz saw a way to combine his programming and tinkering skills with a device we've written a lot about—the Raspberry Pi. During the past three months, Ruiz devised a system including a Raspberry Pi, an analog telephone adapter, and a network switch that uses whitelisting to pass legitimate calls through while blocking those annoying telemarketers.

Winners of the FTC contest are expected to be announced in early April. Ruiz's setup, while it appears to be technically sound, may be inconvenient for consumers since his current design requires three separate hardware devices. Ruiz is confident he'll win, though, and at the very least his project is a good demonstration of how low-cost computers like the $35-Raspberry Pi can open new opportunities for tinkerers.

"I felt [the Raspberry Pi] was economically viable and Linux is flexible enough for me to write whatever I need to," Ruiz said in a phone interview. "If I need to test eight units quickly, even on a budget, I could do it with this."

Ruiz calls his product the "Banana Phone," after this video. The Raspberry Pi acts as a communications server handling telephony processing, call logic handling, and integration with a whitelist database. The analog telephone adapter converts landline phone calls into VoIP (Voice over Internet Protocol) traffic, and the network switch allows the Raspberry Pi and analog telephone adapter to communicate with each other.

While the Raspberry Pi was key in building the Banana Phone because of its low cost and Ruiz's experience with Linux, that doesn't necessarily mean a Pi would be required in a final design. Ruiz said he "kept it hardware agnostic," so if implemented "on any semi-intelligent calling platform, it will be able to do the job."

Ruiz isn't the only competitor in the FTC Robocall Challenge to use a Raspberry Pi. Another submitter proposed "an audio fingerprinting-based solution to stop robocalls," saying a "stripped-down version of Raspberry Pi should be powerful enough to process the audio and to match audio fingerprints." The idea in that proposal is to identify robocalls by sound and block them.

Ruiz takes a different approach. With Banana Phone, callers are asked to enter a four-digit authentication code to prove they're human. This passes the call to the live line, and the validated Caller ID is stored in a local whitelist. Your friends only have to type the code in once.

The Pi portion of the Banana Phone system runs the Asterisk PBX phone software and MySQL database. Ruiz used PHP to write his own software that determines on the fly whether a call is valid. He spent about three months developing the system.

Here's a video demonstration of the Banana Phone:

Alex Ruiz and the Banana Phone.

One of the trickiest parts is allowing legitimate, legal robocalls to come through, such as ones from charities and government agencies. Ruiz notes that "blacklists" aren't that effective because numbers can be easily falsified using Internet-based calling. Ruiz proposes the creation of a global database of whitelisted numbers the Banana Phone could query via an Internet connection. Each whitelisted number would have an expiration date, to prevent illegal robocallers from spoofing known good numbers, Ruiz said. Ruiz calls it the "Keep-Alive Whitelist Method."

When Banana Phone loses its Internet connection, it falls back to a blind-dial method that allows legitimate calls to go through with the use of an 8-digit code.

"The Blind Dial code is regenerated and updated to the Global Database over an arbitrary time interval (for testing purposes, it is two weeks)," Ruiz notes in a design document. "The updating process for the Blind Dial Code is done entirely over the existing telephone line, with the System calling into the Global Database via a VoIP line. The Blind Dial Code serves dual purposes, acting as a non-networked alternative to the Keep-Alive Whitelist method and as a redundant means of authentication should a System lose Internet connectivity."

This would require some extra work on the part of the legal robocaller. Ruiz gives the example of a pharmacist notifying a customer that medication is ready for pick-up. When the blind dial method is needed, the pharmacist would have to "tell his robo-call software to send those DTMF digits (button presses) on that line when the call is answered by the trap line."

Banana Phone would allow emergency calls through, in cases when a person dials 911 or another emergency number, gets disconnected, and receives a call back. It would do this by watching for outbound dialing of 911 or other emergency numbers. We assume some strict privacy controls would have to be implemented if this type of system were ever deployed.

Incident logging helps improve the system over time, Ruiz said. "Calls that fail the human authentication test have their caller ID info and stats on the call (time, duration, input received on authentication test, etc.) logged and sent over to the Global Database for analysis and overall system improvement," Ruiz noted in an e-mail. "If a robocall manages to get past the human auth process (called "the trap line"), then the caller has the ability to flag that call for hang up and immediate logging (pressing *44) upon answering."

Is the complexity worth it?

Banana Phone is ready to be used with any landline or VoIP system, Ruiz said. Smartphones will come later.

The FTC has said it will judge proposed systems first and foremost on how successful they are in blocking illegal robocalls while allowing legal calls. There are numerous other considerations: an ideal solution should be consumer-friendly, work across landlines, VoIP, and mobile phones, and be both technologically and economically realistic.

"What has to be changed for your idea to work?" the FTC's guidelines note. "Can it function in today’s marketplace? (E.g., Does it require changes to all phone switches world-wide, and require active cooperation by all of the world’s phone companies and VoIP gateways, or can it work with limited adoption?) Solutions that are deployable at once will be more heavily weighted, as will solutions that give immediate benefits with even small-scale deployment."

Any system that blocks illegal robocalling without blocking legal automated calls is likely to be complicated, given that the problem is so difficult the FTC is practically begging the public for help in solving it. No system is likely to see mass adoption unless it's easy to use both for consumers and legal robocallers.

Ruiz's system does sound onerous to us in several respects, with the requirements for a global database and extra steps legitimate robocallers (like that pharmacist) have to go through. The whitelist database Ruiz says is necessary for his proposal doesn't exist today. He speculates it could be operated by the FTC or by a private company. Either way, the need to create and maintain that database is one more example of how complicated putting such a system into place would be.

There's also the problem of needing three devices connected to your phone—although Ruiz suggested a future version might be able to implement all the functionality into one piece of hardware.

While Banana Phone is landline and VoIP-only today, Ruiz is planning a software-only version for Android. That will have to be deployed differently because in Android "they don't give you access to direct voice streams because that would be a huge security risk," he said.

On Android, the system would use whitelisting as well as filters, and be deployed as an app on the phone. The filters would look for telltale signs like an area code number being repeated in the prefix number, and then assign a "call threat index" rating based on the probability the call is from an illegal robocaller. Flagged calls would be dumped to voicemail instead of triggering the ringer. The user will then get a notification with the option to listen to or delete the message, or whitelist the number.

Development for Android hasn't begun yet, as Ruiz is still fine-tuning the system for landlines and VoIP phones.

Even if he doesn't win the FTC contest, Ruiz says he is in it for the long haul. He's in the process of patenting his system, and he's planning to gather funding in an attempt to bring it to market.